[Samba] Group Policies are not applied

Pisch Tamás pischta at gmail.com
Fri Mar 19 10:48:19 UTC 2021


I tried to solve the problem, but without success. I googled, tried out
I give some additional info.
dc1 is a guest on an xcpng hypervisor (site1). dc2 is a guest on a Windows
2008 R2 Hyper-V (site2, default). I connect to the domain through VPN.
The replication between the servers is ok.
I can ping the dcs. As I said, I can join to the AD, and can log in as a
domain user.
nslookup ad.ourdomain.hu
Server: Unknown
Name: ad.ourdomain.hu
nltest /query
Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
I tried to rejoin the client (disjoin; on dc: samba-tool computer delete
testcomputer\$;on client: join), but the situation is the same.
Any idea, what could cause that, and what can I do with it?


Tamas Pisch.

Pisch Tamás <pischta at gmail.com> ezt írta (időpont: 2021. márc. 16., K,

> Hi,
> I set up a policy as test. When I run
> gpupdate /force
> on a Windows 10 client, I get error messages:
> -Group policy processing was unsuccessful. Windows cannot resolve computer
> name.
> -Group policy processing was unsuccessful. Windows cannot resolve user
> name.
> The windows client was joined the domain, and I logged in with a domain
> user.
> Server side: Samba 4.13.4. It is a fresh installation. I went through the
> Samba documentation, and the test commands run successful, so I don't know,
> what Windows cannot resolve.
> I installed RSAT. I added our AD to the Group policy management tool. When
> I click on ad.ourdomain.hu, I get an error:
> Processing error encountered with this default domain controller while
> data-collection (sorry, I tried to translate it from Hungarian to English).
> Change the domain controller and try again.
> I applied samba-tool sysvolreset after I got error message related to rpc
> too.
> I installed two dcs: dc1, dc2. dc2 gets sysvol content with rsync.
> smb.conf:
> [global]
>         bind interfaces only = Yes
>         dns forwarder =
>         interfaces = lo eth0
>         netbios name = DC1
>         realm = AD.OURDOMAIN.HU
>         server role = active directory domain controller
>         workgroup = AD
>         idmap_ldb:use rfc2307 = yes
>         allow dns updates = secure only
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> [netlogon]
>         path = /var/lib/samba/sysvol/ad.ourdomain.hu/scripts
>         read only = No
> Regards,
> Tamas Pisch.

More information about the samba mailing list